Resources for the Check Point Community, by the Check Point Community.


Re: Can't Access Local VMs when on VPN

Jessica,

You are using what they call Hub mode, so looking for that on the knowledgebase I found sk121766 for you: In Endpoint Security VPN Client E80.70 or higher, it is possible to exclude local networks from the Hub Mode. Find the following line in the $FWDIR/conf/trac_client_1.ttm file on the CMA: exclude_local_networks_in_hub_mode and update the value to true.

Re: Can't Access Local VMs when on VPN

Originally Posted by msjouw

Jessica,

You are using what they call Hub mode, so looking for that on the knowledgebase I found sk121766 for you: In Endpoint Security VPN Client E80.70 or higher, it is possible to exclude local networks from the Hub Mode. Find the following line in the $FWDIR/conf/trac_client_1.ttm file on the CMA: exclude_local_networks_in_hub_mode and update the value to true.

Thanks Maarten

I am getting that this needs to be done on the Security Gateway, not on the client machine (my laptop), right? And if we have to do this on the SG (FW), will this open up a split tunnel for all the other users or just me?

Re: Can't Access Local VMs when on VPN

All settings that you make in trac_client_1.ttm on the gateway will be applied to all clients. There are some options that you can set to Client_Decide, but I don't know if this holds true for this one.

The file will be collected from the gateway on a regular basis. In some cases you want this file distributed from the CMA to all gateways (when you use multiple gateways with secondary connect) and there is an SK to force that as well.

Re: Can't Access Local VMs when on VPN

All settings that you make in trac_client_1.ttm on the gateway will be applied to all clients. There are some options that you can set to Client_Decide, but I don't know if this holds true for this one.

The file will be collected from the gateway on a regular basis. In some cases you want this file distributed from the CMA to all gateways (when you use multiple gateways with secondary connect) and there is an SK to force that as well.

Thanks, do you have an option to exclude only a certain subnet from the VPN and have everything else full tunnel?

Re: Can't Access Local VMs when on VPN

The reason you use hub mode might be relevant. Do you only want to force clients' Internet traffic through your central firewalls, or do you also want to prevent clients from talking to local printers, for example?

If all you care about is Internet access, you can always turn off hub mode and throw the whole public IP space into your remote access encryption domain. This is a little unwieldy, but you shouldn't need to mess with it often. You then include exact private networks you want to be covered, and all other private networks don't go through the tunnel.
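The address arithmetic behind the suggestion above, worked through as an added example (not part of the thread and not Check Point tooling): it builds the CIDR list for "all public IPv4 space plus the exact private networks you want covered" and checks which destinations would enter the tunnel. Treating everything outside RFC 1918 as public is a simplifying assumption, and the corporate subnet and test addresses are constructed.

```python
import ipaddress

# RFC 1918 ranges. Assumption: everything else in IPv4 counts as "public".
PRIVATE = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def subtract(space, holes):
    """Return the CIDR blocks of `space` that remain after removing `holes`."""
    remaining = list(space)
    for hole in holes:
        kept = []
        for net in remaining:
            if hole.subnet_of(net):
                # Split net into the blocks that surround the hole.
                kept.extend(net.address_exclude(hole))
            elif not net.subnet_of(hole):
                kept.append(net)  # untouched by this hole
        remaining = kept
    return sorted(remaining)


def public_space():
    """All of IPv4 minus the RFC 1918 private ranges."""
    return subtract([ipaddress.ip_network("0.0.0.0/0")], PRIVATE)


def encryption_domain(corporate_nets):
    """Public space plus only the private networks that must be tunnelled."""
    corp = [ipaddress.ip_network(n) for n in corporate_nets]
    return list(ipaddress.collapse_addresses(public_space() + corp))


def tunnelled(addr, domain):
    """True if traffic to addr falls inside the encryption domain."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in domain)


if __name__ == "__main__":
    domain = encryption_domain(["10.20.0.0/16"])  # constructed corporate subnet
    for dst in ("8.8.8.8", "10.20.5.9", "192.168.56.10"):  # constructed targets
        print(dst, "tunnel" if tunnelled(dst, domain) else "local")
```

Any private network left out of the domain, such as a host-only VM subnet on the laptop, stays off the tunnel and is therefore also outside the gateway's inspection.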

Re: Can't Access Local VMs when on VPN

Originally Posted by Bob_Zimmerman

The reason you use hub mode might be relevant. Do you only want to force clients' Internet traffic through your central firewalls, or do you also want to prevent clients from talking to local printers, for example?

If all you care about is Internet access, you can always turn off hub mode and throw the whole public IP space into your remote access encryption domain. This is a little unwieldy, but you shouldn't need to mess with it often. You then include exact private networks you want to be covered, and all other private networks don't go through the tunnel.

Thanks Zimmerman.

We want all client Internet traffic to go through central firewalls, but the client should be able to access their local VM on their local machine.

Re: Can't Access Local VMs when on VPN

But still when I try to access the local network, the traffic seems to be going to the security gateway.

I don't know how I can change this behaviour and access my local VMs on my VMworkstation when I am connected to VPN.

Any suggestions would be greatly appreciated. I am preparing for my Check Point exam and need to access my EVE-NG VM, which I use for my Check Point lab, but because of this silly Check Point VPN client, I am not able to access it on VPN.